Flaws Found in Hitachi Energy’s MicroSCADA X SYS600: CVEs Could Enable File Tampering, DoS, and MITM Attacks

Hitachi Energy has released a cybersecurity advisory (8DBD000218) disclosing five newly discovered vulnerabilities affecting its MicroSCADA X SYS600 product, a widely deployed supervisory control and data acquisition (SCADA) system used for monitoring and managing power systems. The vulnerabilities, tracked as CVE-2025-39201 through CVE-2025-39205, impact product versions 10.0 to 10.6, with some flaws rated as high severity under CVSS v4.0.

“An attacker successfully exploiting these vulnerabilities can cause confidentiality, integrity and availability impacts,” Hitachi Energy stated in its advisory.

CVE-2025-39201 – Local Denial of Service via File Tampering

In this vulnerability, the Notify service component of MicroSCADA is left exposed due to incorrect default file permissions. A local unauthenticated attacker could exploit these permissions to tamper with a system file, resulting in the disruption of notification functionalities within the SCADA system. This flaw affects versions 10.0 to 10.6, and while its CVSS v3.1 base score is 6.1, the potential operational impact on utility operators is far from trivial.

CVE-2025-39202 – File Overwrite by Low-Privilege Users

This vulnerability combines two issues—execution with unnecessary privileges and external control of filename or path. Here, a low-privileged authenticated user could gain access to files they shouldn’t be able to see or modify. Exploiting this flaw could lead to sensitive data leakage or integrity issues within the system. The vulnerability exists across versions 10.0 to 10.6, and is rated 7.3 (High) under CVSS v3.1 and 8.3 (High) under CVSS v4.0.

CVE-2025-39203 – DoS via Crafted IEC 61850 Messages

A more technical yet impactful vulnerability exists in the way MicroSCADA processes IEC 61850-8 messages. A specially crafted message, when sent to a device running versions 10.5 to 10.6, can bypass integrity checks and cause the system to enter a denial-of-service loop, leading to device disconnection from the network. Though the CVSS v3.1 rating is 6.5, its v4.0 rating jumps to 8.3, reflecting a high likelihood of operational disruption.

CVE-2025-39204 – Web Interface Data Leak

Improper input validation in MicroSCADA’s Web interface filtering system makes it possible to retrieve unauthorized data by manipulating query parameters. Exploiting this flaw can lead to exposure of sensitive internal information, even if the user is not intended to access it. This vulnerability affects all versions from 10.0 to 10.6, and scores 8.5 (High) under CVSS v4.0.

CVE-2025-39205 – TLS MITM Risk Due to Weak Certificate Validation

The final and perhaps most alarming vulnerability involves the lack of proper certificate validation in TLS-based IEC 61850 communications. Present in versions 10.3 to 10.6, this flaw enables attackers to perform man-in-the-middle (MITM) attacks and intercept or manipulate communications between SCADA components. Rated 8.5 (High) under CVSS v4.0, this issue directly threatens the confidentiality and trustworthiness of critical power infrastructure data flows.

Mitigation and Recommendations

All five vulnerabilities have been patched in MicroSCADA X SYS600 version 10.7. Hitachi Energy strongly recommends upgrading immediately. In addition, administrators should follow standard ICS security practices, such as network segmentation, limiting physical and network access, enforcing password policies, and using only scanned and approved removable media.

Related Posts:

• Critical Vulnerabilities Expose Hitachi Energy MicroSCADA X SYS600 to Cyberattacks
• Ransomhub’s SCADA Hack: A Wake-Up Call for Industrial Cybersecurity
• FIRST published the Common Vulnerability Scoring System (CVSS v4.0)
• Hitachi Energy’s Asset Suite Hit by Multiple Critical Vulnerabilities
• Critical Flaws Exploited: Cisco, Windows, Hitachi, WhatsUp Gold at Risk